Host Trust Link

Host Trust Link (HTL) is an optional service that tightly binds communication between a client application and the SafeNet Luna Network HSM appliance. HTL protects appliance/client registrations in cloud deployments. HTL runs as a process (htld) on the appliance.

Facility Keyword    Software Process    Log File
Local5              HTLD [pid]          lunalogs

Expected Log Messages

Normal Startup

2012 Feb 29 12:05:01 myLuna  local5 info  HTLD[1234]: info : 0 : NBSD loaded a PCI HSM at physical slot 2
2012 Feb 29 12:05:01 myLuna  local5 info  HTLD[1234]: info : 0 : Network Bus Command Processor configured with 50 worker threads
2012 Feb 29 12:05:01 myLuna  local5 info  HTLD[1234]: info : 0 : Listening for HTL status queries
2012 Feb 29 12:05:01 myLuna  local5 info  HTLD[1234]: info : 0 : Listening for OTT expiry events
2012 Feb 29 12:05:01 myLuna  local5 info  HTLD[1234]: info : 0 : "Luna Network Bus 1.0 Command Processor" module version 2.0 loaded

These messages indicate normal startup of the HTL process.

Client Connection

2012 Feb 29 12:05:01 myLuna  local5 info  HTLD[1234]: info : 0 : Connection accepted from: 192.168.0.100/40847
2012 Feb 29 12:05:01 myLuna  local5 info  HTLD[1234]: info : 0 : Identify result from: 192.168.0.100/40847, result: Success
2012 Feb 29 12:05:01 myLuna  local5 info  HTLD[1234]: info : 0 : Handshake result from: 192.168.0.100/40847, result: Success
2012 Feb 29 12:05:01 myLuna  local5 info  HTLD[1234]: info : 0 : Starting connection processing
2012 Feb 29 12:05:01 myLuna  local5 info  HTLD[1234]: info : 0 : HTLD Client "192.168.0.100" connected and authenticated : 192.168.0.100/40847.
2012 Feb 29 12:05:01 myLuna  local5 info  HTLD[1234]: info : 0 : One-time token validated successfully
2012 Feb 29 12:05:01 myLuna  local5 info  HTLD[1234]: info : 0 : Sending dynamic certificate and private key sent to client
2012 Feb 29 12:05:01 myLuna  local5 info  HTLD[1234]: info : 0 : Reinitializing connection for: 192.168.0.100/40847
2012 Feb 29 12:05:01 myLuna  local5 info  HTLD[1234]: info : 0 : Handshake result from: 192.168.0.100/40847, result: Success
2012 Feb 29 12:05:01 myLuna  local5 info  HTLD[1234]: info : 0 : Starting connection processing
2012 Feb 29 12:05:01 myLuna  local5 info  HTLD[1234]: info : 0 : Client connection exists; resuming : 192.168.0.100/40847
2012 Feb 29 12:05:01 myLuna  local5 info  HTLD[1234]: info : 0 : HTLD Client "192.168.0.100" connected and authenticated : 192.168.0.100/40847.
2012 Feb 29 12:05:01 myLuna  local5 info  HTLD[1234]: info : 0 : Initial counter information sent to client
2012 Feb 29 12:05:01 myLuna  local5 info  HTLD[1234]: info : 0 : Client acknowledged counter data; HTL link is up

These messages indicate successful HTL establishment between the HTL service and a client.

Connection Removed

2012 Feb 29 12:05:01 myLuna  local5 info  HTLD[1234]: info : 0 : Grace period expired for client 192.168.0.100; cleaning up
2012 Feb 29 12:05:01 myLuna  local5 info  HTLD[1234]: info : 0 : Terminated 1 NTLS connections for user 192.168.0.100
2012 Feb 29 12:05:01 myLuna  local5 info  HTLD[1234]: info : 0 : Command processor instance for client 192.168.0.100 removed : 192.168.0.100/40847

These messages indicate that the HTL service terminated a host trust link with a client.

Instance Wrapped

2012 Feb 29 12:05:01 myLuna  local5 info  HTLD[1234]: info : 0 : Unique command processor instance ID wrapped around.

This message indicates that the internal counter that maps HTL identifiers reached its limit and reset to 1.

Shutdown

2012 Feb 29 12:05:01 myLuna  local5 info  HTLD[1234]: info : 0 :: Terminating.
2012 Feb 29 12:05:01 myLuna  local5 info  HTLD[1234]: info : 0 : "Luna Network Bus 1.0 Command Processor" shutting down.

These messages indicate an orderly shutdown of the HTL service.

Unexpected Log Messages

Incompatible Components

2012 Feb 29 12:05:01 myLuna  local5 err  HTLD[1234]: error : 0xc0000105 : Version 2.0 is not supported by HTL command processor : RC_FUNCTION_NOT_SUPPORTED

This message indicates an incompatibility between the datapath and command processor components of the HTL service.

Client Connection Failures

2012 Feb 29 12:05:01 myLuna  local5 err  HTLD[1234]: error : 0xc0000002 : Fail to return a command response to 192.168.0.100 : 192.168.0.100/40847 : RC_GENERAL_ERROR
2012 Feb 29 12:05:01 myLuna  local5 err  HTLD[1234]: error : 0xc0000001 : Fail to create command processor instance for client 192.168.0.100 : 192.168.0.100/40847 : RC_MEMORY_ALLOCATION
2012 Feb 29 12:05:01 myLuna  local5 err  HTLD[1234]: error : 0xc0000002 : Invalid client registration observer.
2012 Feb 29 12:05:01 myLuna  local5 err  HTLD[1234]: error : 0xc0000002 : Invalid client registration observer operation: 9.

These messages indicate a failure of the HTL service to complete the host trust link for a client.

Client Connection in Progress

2012 Feb 29 12:05:01 myLuna  local5 info  HTLD[1234]: info : 0 : Client connection already in progress : 192.168.0.100/40847

This message indicates that the HTL service detected a connection request in an unexpected state.

Invalid Client Credentials

2012 Feb 29 12:05:01 myLuna  local5 info  HTLD[1234]: info : 0 : Client credentials cannot be verified : 192.168.0.100/40847

This message indicates that the HTL service did not receive valid client credentials.

One-Time Token Expiry Handler

2012 Feb 29 12:05:01 myLuna  local5 err  HTLD[1234]: error : 0 : Exception in OTT expiry handler: <exception string>
2012 Feb 29 12:05:01 myLuna  local5 err  HTLD[1234]: error : 0 : Error accepting connection in OTT expiry handler: <error string>
2012 Feb 29 12:05:01 myLuna  local5 err  HTLD[1234]: error : 0 : Cannot get OTT expiry: client config file invalid
2012 Feb 29 12:05:01 myLuna  local5 info  HTLD[1234]: info : 0 : OTT expiry timer fired for client 192.168.0.100; removing OTT

These messages indicate a problem with the one-time token that is integral to the HTL service.

HTL Status

2012 Feb 29 12:05:01 myLuna  local5 err  HTLD[1234]: error : 0 : Exception in HTL status query handler: <exception string>

This message indicates a failure to get the status of the HTL service.

Memory Errors

2012 Feb 29 12:05:01 myLuna  local5 err  HTLD[1234]: error : 0xc0000001 : Failed to allocate connection request response buffer [size = 100] : 192.168.0.100/40847 : RC_MEMORY_ALLOCATION
2012 Feb 29 12:05:01 myLuna  local5 err  HTLD[1234]: error : 0xc0000001 : Failed to allocate auth response buffer [size = 100] : 192.168.0.100/40847 : RC_MEMORY_ALLOCATION
2012 Feb 29 12:05:01 myLuna  local5 err  HTLD[1234]: error : 0xc0000001 : Failed to allocate key exchange response buffer [size = 100] : 192.168.0.100/40847 : RC_MEMORY_ALLOCATION
2012 Feb 29 12:05:01 myLuna  local5 err  HTLD[1234]: error : 0xc0000001 : Failed to allocate counter init response buffer [size = 100] : 192.168.0.100/40847 : RC_MEMORY_ALLOCATION
2012 Feb 29 12:05:01 myLuna  local5 err  HTLD[1234]: error : 0xc0000001 : Failed to allocate sync beacon response buffer [size = 100] : 192.168.0.100/40847 : RC_MEMORY_ALLOCATION

These messages indicate a failure to allocate memory within the HTL service.

Client Setup Errors

2012 Feb 29 12:05:01 myLuna  local5 err  HTLD[1234]: error : 0xc0000002 : Fail to initialize token interface : RC_GENERAL_ERROR
2012 Feb 29 12:05:01 myLuna  local5 err  HTLD[1234]: error : 0xc0000002 : Fail to initialize client registration database : RC_GENERAL_ERROR
2012 Feb 29 12:05:01 myLuna  local5 err  HTLD[1234]: error : 0xc0000002 : Fail to populate client registration database : RC_GENERAL_ERROR
2012 Feb 29 12:05:01 myLuna  local5 err  HTLD[1234]: error : 0xc0000002 : Fail to reset client registration entry's flags : RC_GENERAL_ERROR
2012 Feb 29 12:05:01 myLuna  local5 err  HTLD[1234]: error : 0xc0000002 : Fail to create token manager object : RC_GENERAL_ERROR
2012 Feb 29 12:05:01 myLuna  local5 err  HTLD[1234]: error : 0xc0000002 : Fail to Initialize VToken Manager : RC_GENERAL_ERROR

These messages indicate that the HTL service failed to set up the host trust link with an intended client.

Connection Errors

2012 Feb 29 12:05:01 myLuna  local5 info  HTLD[1234]: info : 0xc0000002: Backup OTT matched in grace period
2012 Feb 29 12:05:01 myLuna  local5 info  HTLD[1234]: info : 0xc0000002: One-time token validated successfully
2012 Feb 29 12:05:01 myLuna  local5 info  HTLD[1234]: info : 0xc0000002: Unable to validate one-time token
2012 Feb 29 12:05:01 myLuna  local5 info  HTLD[1234]: info : 0xc0000002: Unable to derive shared secret for dynamic certificate exchange
2012 Feb 29 12:05:01 myLuna  local5 info  HTLD[1234]: info : 0xc0000002: Unable to create dynamic certificate and private key
2012 Feb 29 12:05:01 myLuna  local5 info  HTLD[1234]: info : 0xc0000002: Unable to register dynamic certificate
2012 Feb 29 12:05:01 myLuna  local5 info  HTLD[1234]: info : 0xc0000002: Sending dynamic certificate and private key sent to client
2012 Feb 29 12:05:01 myLuna  local5 info  HTLD[1234]: info : 0xc0000002: Initial counter information sent to client
2012 Feb 29 12:05:01 myLuna  local5 info  HTLD[1234]: info : 0xc0000002: Received counter is not aligned with increment steps
2012 Feb 29 12:05:01 myLuna  local5 info  HTLD[1234]: info : 0xc0000002: Counter is outside allowable drift range
2012 Feb 29 12:05:01 myLuna  local5 info  HTLD[1234]: info : 0xc0000002: Client acknowledged counter data; HTL link is up
2012 Feb 29 12:05:01 myLuna  local5 info  HTLD[1234]: info : 0xc0000002: HTL message timer expired. Terminating HTL link.
2012 Feb 29 12:05:01 myLuna  local5 info  HTLD[1234]: info : 0xc0000002: Client disconnected.  Entering grace period.
2012 Feb 29 12:05:01 myLuna  local5 info  HTLD[1234]: info : 0xc0000002: Client disconnected. Cleaning up.
2012 Feb 29 12:05:01 myLuna  local5 info  HTLD[1234]: info : 0xc0000002: Server closed HTL connection. Entering grace period.
2012 Feb 29 12:05:01 myLuna  local5 info  HTLD[1234]: info : 0xc0000002: Server closed HTL connection. Cleaning up.

These messages indicate a failure in the HTL service’s ability to establish and maintain a connection with a client.

Random Number Generator

2012 Feb 29 12:05:01 myLuna  local5 crit  HTLD[1234]: critical :  0 : Unable to find HSM for RNG

This message indicates that the HTL service was unable to connect to the internal HSM, which the service relies on as its source of random number data.
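As an added example that is not part of the Luna documentation, the Python triage helper below parses the HTLD log format shown on this page (facility, severity, `HTLD[pid]`, level, return code, message) and separates the expected messages from those needing attention: any `err`/`crit` severity, or any non-zero return code such as `0xc0000002`. The sample lines are constructed from the formats above; the peer-tracking heuristic (attributing a peer-less "HTL link is up" line to the most recent logged `ip/port`) is an assumption of this example.

```python
import re
from dataclasses import dataclass
from typing import Optional
# Constructed sample lines following the HTLD log format documented above.
SAMPLE_LOG = """\
2012 Feb 29 12:05:01 myLuna  local5 info  HTLD[1234]: info : 0 : HTLD Client "192.168.0.100" connected and authenticated : 192.168.0.100/40847.
2012 Feb 29 12:05:01 myLuna  local5 info  HTLD[1234]: info : 0 : Client acknowledged counter data; HTL link is up
2012 Feb 29 12:05:02 myLuna  local5 info  HTLD[1234]: info : 0xc0000002: Counter is outside allowable drift range
2012 Feb 29 12:05:02 myLuna  local5 err  HTLD[1234]: error : 0xc0000001 : Failed to allocate auth response buffer [size = 100] : 192.168.0.100/40847 : RC_MEMORY_ALLOCATION
2012 Feb 29 12:05:03 myLuna  local5 crit  HTLD[1234]: critical :  0 : Unable to find HSM for RNG
2012 Feb 29 12:05:03 myLuna  local5 info  HTLD[1234]: info : 0 :: Terminating.
"""

LINE_RE = re.compile(  # tolerates the spacing variants seen on this page: "0 ::", "0xc0000002:", ":  0 :"
    r"^(?P<ts>\d{4} \w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+)\s+"
    r"(?P<facility>\w+) (?P<severity>\w+)\s+HTLD\[(?P<pid>\d+)\]: "
    r"(?P<level>\w+) :\s*(?P<code>0x[0-9a-fA-F]+|\d+)\s*:+\s*(?P<msg>.*)$"
)
PEER_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}/\d+")  # "ip/port" as HTLD logs the peer

@dataclass
class HtlEvent:
    ts: str
    severity: str          # syslog severity: info, err, crit
    code: int              # HTLD return code; 0 means success
    msg: str
    client: Optional[str]  # "ip/port" peer when the message carries one

def parse_line(line: str) -> Optional[HtlEvent]:
    if not (m := LINE_RE.match(line)):
        return None
    peer = PEER_RE.search(m["msg"])
    return HtlEvent(m["ts"], m["severity"], int(m["code"], 0), m["msg"],
                    peer.group(0) if peer else None)

def triage(log_text: str):
    """Return (link_up, alerts): client IPs whose HTL link came up, and events needing attention."""
    link_up, alerts, current_peer = set(), [], None
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        if ev.client:                       # assumption: later peer-less lines belong to this peer
            current_peer = ev.client.split("/")[0]
        if ev.code == 0 and current_peer and "HTL link is up" in ev.msg:
            link_up.add(current_peer)
        if ev.severity in ("err", "crit") or ev.code != 0:
            alerts.append(ev)
    return link_up, alerts
```

Run against a `lunalogs` export, the same filter surfaces the "Unexpected Log Messages" above while letting the normal startup, connection and shutdown sequences pass.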